Petya ransomware eats your hard drives

Vitus White
Last updated: 13 October
Vitus White 4 years ago

[Updated on June 28, 2017]

Contents
  • How Petya gets his hands on your PC
  • Your hard drive belongs to us
  • Fighting Petya
  • Update from June 28, 2017

It looks like 2016 should be declared a year of ransomware, as new families and new versions are popping up every now and then like mushrooms after the rain.

Ransomware is evolving — fast. The new versions of ransomware use strong asymmetrical encryption with long keys so that files cannot be decrypted without the key. The bad guys have started using TOR and payments in bitcoins for the sake of staying totally anonymous. And now there is Petya ransomware which in a certain sense encrypts the whole hard drive all at once instead of encrypting files one by one.


How Petya gets his hands on your PC

Petya is a piece of ransomware that targets mostly business users, as it is distributed in spam emails that pretend to contain job applications. The standard infection scenario looks like this:

An HR employee receives an email from some person seeking a position in the company. The email contains a Dropbox link to a file which pretends to be their curriculum vitae but in reality it’s an EXE file.

Petya #ransomware encrypts master file table via @threatpost https://t.co/kCpbUcT1kV pic.twitter.com/9e6YjTkEVV

— Kaspersky Lab (@kaspersky) March 28, 2016

They click on the file, but never get a CV that they are supposed to find there. Instead they get a Blue Screen of Death. That means Petya has made its way into the user’s PC and started its dirty work.

Your hard drive belongs to us

Common ransomware usually encrypts files of certain types — pictures, Office documents and so on — and leaves the operating system unharmed so that the victim could use the PC to pay the ransom. But Petya is much more brutal as it aims to block access to the whole hard drive.

In a nutshell, no matter how your hard drive is organized, whether there is only one partition or more, there’s always some disk space that is invisible to you, called the Master Boot Record (MBR). It contains all the data on the number and organization of partitions, and it also contains special code used to start booting the OS, called the boot loader.

This boot loader always runs BEFORE the operating system. And this is exactly what Petya infects: it modifies the boot loader so that it loads Petya’s malicious code instead of any operating system installed on the PC.
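The MBR layout described above can be checked from the defender's side. The following is an added example, not code from the original article: it splits a raw 512-byte MBR into boot loader code and partition entries and compares the boot code hash against a known-good baseline. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot loader code
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # bytes 510..511 mark a valid boot sector


def parse_mbr(sector: bytes) -> dict:
    """Return the boot code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def boot_code_changed(baseline_sha256: str, sector: bytes) -> bool:
    """True when the boot loader differs from the recorded known-good hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code plus one NTFS (0x07) entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr(b"\x90" * 64)      # constructed placeholder bytes
    baseline = parse_mbr(clean)["boot_code_sha256"]
    altered = build_sample_mbr(b"\xcc" * 64)    # same layout, different code
    print(parse_mbr(clean)["partitions"])
    print("boot code changed:", boot_code_changed(baseline, altered))
```

On a real machine the input would be the first 512 bytes of the disk or of a disk image, and the baseline hash would be recorded while the system is known to be clean.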

Researchers Learning More About #Petya Ransomware: https://t.co/WwOQ1mEsRb pic.twitter.com/O4TaS593ta

— Kaspersky Lab (@kaspersky) March 29, 2016

For the user it looks like Check Disk is running, which is pretty much OK after an operating system crash. But what Petya actually does at this moment is encrypt the Master File Table. That is yet another hidden part of your hard drive’s personal life. This table contains all the information about how files and folders are allocated.

Think of your hard drive as a vast library which contains millions or even billions of items. And the Master File Table is a library index. Well, that explanation is greatly simplified, let’s make it more realistic: on your hard drive ‘books’ are rarely stored as detached items, but rather as single pages or even scraps of paper. In heaps. No, not in any particular order, it’s pretty much random.

Perhaps now you have a general idea of how hard it would be to find a single ‘book’ if someone had stolen this ‘library index’, and this is exactly what Petya ransomware does.

Once it’s done, Petya reveals its true face, which looks like a skull built with ASCII symbols. Then the usual routine begins: the malware demands that the user pay a ransom (0.9 bitcoins, which is about $380) to decrypt the hard drive and get their files back.

The only difference from other ransomware is that Petya is completely offline, which is no surprise since it had ‘eaten’ the operating system. So the user has to find another computer in order to pay the ransom and get their data back.

Let's talk #Ransomware. Would you pay the #hackers ransom?

— Kaspersky Lab (@kaspersky) March 29, 2016

Fighting Petya

Unfortunately, as with other recent types of ransomware, researchers still haven’t found a way to decrypt information encrypted by Petya. However, there are still a few things you can do to protect yourself and your data, and there is some good news regarding Petya’s distribution.

The good news is that Dropbox has removed the malicious archives with Petya from its cloud storage. So now the bad guys have to find some other way of distribution. The bad news is that it probably won’t take them long to do that.

10 tips to protect your files from ransomware https://t.co/o0IpUU9CHb #iteducation pic.twitter.com/I47sPIiWFF

— Kaspersky Lab (@kaspersky) November 30, 2015

So, let’s get back to protection. What can you do?

1. When the user sees the Blue Screen of Death, their data is not yet corrupted, since Petya hasn’t started to encrypt the Master File Table. So if you see that your computer shows you a BSOD, reboots and starts Check Disk, shut it down immediately. At this point you can still remove your hard drive, connect it to another computer (but don’t use it as a boot device!) and recover your files.

2. Petya encrypts only the MFT, leaving the files themselves untouched. Files can still be recovered by hard drive recovery specialists. This procedure would be intricate and time-consuming and it will cost you a pretty penny, but basically it is doable. However, don’t try to do it at home: a mistake can cost you your files forever.

3. The best way is to protect yourself proactively using a good security solution. Kaspersky Internet Security won’t let the spam emails through, so you probably won’t even see the email containing the link to Petya. Even if Petya somehow sneaks in, it would be detected as Trojan-Ransom.Win32.Petr and Kaspersky Internet Security would block all its activities. And so would all our other anti-virus solutions.
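Tips 1 and 2 both turn on whether the Master File Table has been encrypted yet. The following is an added example, not part of the original article: with the drive attached to another computer as a non-boot disk (or imaged), it reads the NTFS boot sector, locates the MFT and checks whether its first record still begins with the `FILE` marker. It assumes the partition's starting LBA is known, that the NTFS boot sector is still readable, and that an encrypted record no longer carries the marker; the function names and the sample image are constructed.

```python
import io
import struct

SECTOR = 512


def mft_looks_intact(disk, part_lba: int) -> bool:
    """True if the first $MFT record of the NTFS volume still starts with 'FILE'.

    disk is any seekable binary file object (raw device or image file).
    """
    vbr_off = part_lba * SECTOR
    disk.seek(vbr_off)
    vbr = disk.read(SECTOR)
    if len(vbr) < SECTOR or vbr[3:11] != b"NTFS    ":
        raise ValueError("no NTFS boot sector at this LBA")
    # 0x0B: bytes per sector, 0x0D: sectors per cluster (assumed a plain
    # count, as on typical volumes), 0x30: first cluster of the $MFT
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", vbr, 0x0B)
    (mft_cluster,) = struct.unpack_from("<Q", vbr, 0x30)
    disk.seek(vbr_off + mft_cluster * sectors_per_cluster * bytes_per_sector)
    return disk.read(4) == b"FILE"


def build_sample_image(magic: bytes, part_lba: int = 8) -> bytes:
    """Constructed image: NTFS boot sector at part_lba and one MFT record header."""
    bps, spc, mft_cluster = 512, 8, 4
    vbr_off = part_lba * SECTOR
    mft_off = vbr_off + mft_cluster * spc * bps
    img = bytearray(mft_off + 1024)
    img[vbr_off + 3:vbr_off + 11] = b"NTFS    "
    struct.pack_into("<HB", img, vbr_off + 0x0B, bps, spc)
    struct.pack_into("<Q", img, vbr_off + 0x30, mft_cluster)
    img[mft_off:mft_off + 4] = magic
    return bytes(img)


if __name__ == "__main__":
    healthy = io.BytesIO(build_sample_image(b"FILE"))
    scrambled = io.BytesIO(build_sample_image(b"\x37\x37\x37\x37"))
    print("healthy image intact:", mft_looks_intact(healthy, 8))
    print("scrambled image intact:", mft_looks_intact(scrambled, 8))
```

Open the real drive or image read-only for this check, so that the triage itself cannot alter the evidence or the remaining data.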

Update from June 28, 2017

If you’re looking for information regarding the new Petya / NotPetya / ExPetr ransomware outbreak, we have a dedicated post with advice on how to protect your files.


Source: kaspersky.com

Vitus White October 13, 2022 September 30, 2019